From this I know my slave-jenkins user has the permissions, and therefore whoever is actually running the pipeline code a) is NOT my slave-jenkins user and b) is a user who doesn’t have DOCKER permissions.

Possible fix: find who the user is (probably someone from the Jenkins master/host) and set that user and UID up on the slave.

Solution

After endless googling and reading various people's situations, I finally stumbled across user @carlossg's comment here (https://github.com/jenkinsci/docker/issues/263), where it's suggested to do the following:

Try chmod 777 /var/run/docker.sock and then reduce permissions as needed

However, as we all know, chmod 777 is not a good fix security-wise, so this still needs to be completed with the best permissions.
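
As an added example (not part of the original post or the linked issue): a small POSIX shell check that reports which permission class lets a given user reach the socket, and flags the world-writable state that chmod 777 leaves behind. It assumes Linux with a `stat` that supports `-c` (GNU or BusyBox); the function names `has_write`, `classify` and `audit_sock` and the result labels are made up for this example.

```shell
#!/bin/sh
# Added example: how does a user reach a Unix socket such as
# /var/run/docker.sock? Assumes Linux with `stat -c` (GNU or BusyBox).

# has_write DIGIT -> true if the octal permission digit includes write (2).
has_write() {
    case $1 in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# classify MODE OWNER_UID OWNER_GID UID "GID GID ..."
# Connecting to a Unix socket needs write permission on it. World-writable is
# reported first because it exposes the socket to every local user. Otherwise
# one class applies: owner, then group, then other. uid 0 bypasses mode bits
# and is not modelled here.
classify() {
    mode=$1 o_uid=$2 o_gid=$3 uid=$4 gids=$5
    perm="000$mode"; perm=${perm#"${perm%???}"}   # last three octal digits
    u=${perm%??}; o=${perm#??}; g=${perm#?}; g=${g%?}
    if has_write "$o"; then echo WORLD_WRITABLE; return; fi
    if [ "$uid" = "$o_uid" ]; then
        if has_write "$u"; then echo OWNER_OK; else echo NO_ACCESS; fi
        return
    fi
    for x in $gids; do
        if [ "$x" = "$o_gid" ]; then
            if has_write "$g"; then echo GROUP_OK; else echo NO_ACCESS; fi
            return
        fi
    done
    echo NO_ACCESS
}

# audit_sock PATH [USER] -> classification for USER (default: this process).
audit_sock() {
    [ -e "$1" ] || { echo MISSING; return 0; }
    st=$(stat -c '%a %u %g' "$1") || return 1
    if [ -n "${2:-}" ]; then
        uid=$(id -u "$2") && gids=$(id -G "$2") || { echo UNKNOWN_USER; return 0; }
    else
        uid=$(id -u); gids=$(id -G)
    fi
    # $st is left unquoted on purpose: it splits into MODE OWNER_UID OWNER_GID.
    classify $st "$uid" "$gids"
}

# Check the path from the post (or $1) for the current user (or $2).
audit_sock "${1:-/var/run/docker.sock}" "${2:-}"
```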

SELinux to the rescue?

But SELinux keeps messing with my chmod?

Weird thing, because my setenforce was set to ‘permissive’, but on reboot of my Docker VM (every night) the permissions of /var/run/docker.sock were reverted back. I don’t know SELinux well enough to confirm that’s the behaviour, only that chmod didn’t stick, so I had to look up and figure out SELinux ACLs to enforce ‘777’.